Extracted

• • Target

    ebd494a0747eab84aac0b4feb25f4f26_JaffaCakes118

  • Size

    508KB

  • MD5

    ebd494a0747eab84aac0b4feb25f4f26

  • SHA1

    5bfdd529187ba019eeaf1a2867941308cb19a721

  • SHA256

    33b2a70bdd26061272b778e683b6e7f904060677d05c8aa26595cd44c5d11b50

  • SHA512

    c4a730a9ff85190fd8f82b6af7acafeba745d03aa0df14dfb5efeed51eb9e2266d5dca4c86124e96325c7ad0d1eefc23d7abb8aff13c165eb0ab24ecd9493584

  • SSDEEP

    12288:mHCxJuzO8PW418jZZUozZuzYgwz3r14Y07KCJ:8ddZ+tZlVUYBzB0KC

  Score

  10^/10

  gozibankerdiscoveryisfbpersistencetrojan

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Gozi family

    gozi

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2